[bisq-network/proposals] Migrate from Slack to Keybase (#127)

wiz notifications at github.com
Thu Oct 10 16:03:01 UTC 2019 

> _This is a Bisq Network proposal. Please familiarize yourself with the [submission and review process](https://docs.bisq.network/proposals.html)._

Bisq is a financial application, with real money on the line, and so security and privacy are a high priority for our project. We need our community to collaborate using a chat service that provides a high level of security and privacy to protect our communications, with built-in identity verification to defend against scammers and impersonators. Unfortunately, Slack does not sufficiently protect our communications in this regard.

Recently @m52go and I have discovered some serious security and privacy vulnerabilities in Bisq's slack workspace. The most obvious example is that anyone can sign up with the same name and profile photo and trivially impersonate people, demonstrated today when a scammer tried to impersonate me and ask people for ETH (which is hilarious because I'm a hardcore Bitcoin maximalist)

![insane](https://user-images.githubusercontent.com/232186/66585014-1086dc80-ebc1-11e9-9f55-58f911a8cc3c.png)

Other security vulnerabilities are probably even worse so I won't go into more detail here to give our attackers any ideas, but long story short we need to move away from Slack ASAP.

My proposal is to migrate to Keybase, which is an open-source, multi-platform, end-to-end encrypted chat app, that has the excellent identity verification using cryptographic proofs (posted as tweets, github gists, etc.), and cryptographically signs and verifies all messages. Additionally, the privacy of users is respected by basing identity on cryptography and not on phone numbers or other real-world things.

The bisq team on Keybase was created by @cbeams a few years back and so far over 100 people have joined. He's recently set me as admin and I've started setting up channels similar to our Slack workspace to prepare for a migration. Today's event showed us we are vulnerable to various attacks, but there are willing attackers poking around already.

Keybase has apps for Windows, macOS, Linux, Android, and iOS. It's come a long way in the past few years of development. Please try it out and join: https://keybase.io/team/bisq



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/127
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20191010/5f3628c8/attachment.html>

More information about the bisq-github mailing list